The Last Watchdog

JULY 1, 2024

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

Manufacturing 278

Manufacturing Risk Internet Internet 278

Schneier on Security

JULY 1, 2024

A new paper , “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

240

240

Tech Republic Security

JULY 1, 2024

Security analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.

Software 195

Software 195

Penetration Testing

JULY 1, 2024

The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)... The post CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JULY 1, 2024

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387.

145

145

Security Boulevard

JULY 1, 2024

SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer. The post ‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk appeared first on Security Boulevard.

Risk 135

Risk Hacking Social Engineering Authentication 135

Malwarebytes

JULY 1, 2024

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.

Wireless 135

Wireless Cybercrime Media Encryption 135

Security Boulevard

JULY 1, 2024

Digital nomads go where the wind takes them around the globe, often working from coffee shops, co-working locations or public libraries. They rely on connecting to their work life via their mobile hotspot or public wi-fi connections. The post Remote Rigor: Safeguarding Data in the Age of Digital Nomads appeared first on Security Boulevard.

Mobile 126

Mobile Security Awareness Risk Government 126

The Hacker News

JULY 1, 2024

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024.

Software 134

Software Malware Hacking Cybersecurity 134

Bleeping Computer

JULY 1, 2024

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.

135

135

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JULY 1, 2024

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the release of version 9.8 on July 01, 2024. “A critical vulnerability in sshd(8) was present

Internet 139

Internet Internet Risk Hacking 139

Security Boulevard

JULY 1, 2024

While AI helps automatically detect and respond to rapidly evolving threats, XAI helps security professionals understand how these decisions are being made. The post What is the Role of Explainable AI (XAI) In Security? appeared first on Security Boulevard.

Security Awareness 121

Security Awareness Cybersecurity 121

The Hacker News

JULY 1, 2024

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

Scams 140

Scams 140

Security Affairs

JULY 1, 2024

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure.

Passwords 134

Passwords Accountability Authentication Internet 134

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JULY 1, 2024

As employers scramble to find or train security talent, organizations that ignore the inclusive approach may weaken their competitive posture in the battle for talent and overall security. The post Cybersecurity Workforce Sustainability has a Problem. DEI Could be the Solution. appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity CISO 119

We Live Security

JULY 1, 2024

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Scams 124

Scams Hacking Malware 124

Security Boulevard

JULY 1, 2024

The Cyber Trust Mark is a labeling initiative for consumer IoT devices in the United States that builds on work undertaken by the FCC and NIST, establishing data privacy and cybersecurity standards for connected devices. The post Cyber Trust Mark: The Impacts and Incentives of Early Adoption appeared first on Security Boulevard.

Data privacy 119

Data privacy IoT Cybersecurity Security Awareness 119

Bleeping Computer

JULY 1, 2024

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. [.

Data breaches 117

Data breaches Financial Services 117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JULY 1, 2024

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. Juniper Networks has released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-2973 (CVSS score of 10.0), that could lead to an authentication bypass in some of its routers.

Authentication 129

Authentication Firewall Hacking 129

Bleeping Computer

JULY 1, 2024

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. [.

Malware 134

Malware 134

The Hacker News

JULY 1, 2024

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

Spyware 122

Spyware Social Engineering Mobile Engineering 122

Tech Republic Security

JULY 1, 2024

Is Surfshark better than AVG? Is AVG Secure VPN worth it? Find out which VPN is better with our guide.

VPN 131

VPN 131

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JULY 1, 2024

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. [.

106

106

The Hacker News

JULY 1, 2024

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year.

112

112

Penetration Testing

JULY 1, 2024

The Apache Software Foundation has issued an urgent security advisory, disclosing multiple vulnerabilities in its widely used Apache HTTP Server. These flaws range from denial-of-service (DoS) attacks to remote code execution and unauthorized access,... The post Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action appeared first on Cybersecurity News.

Software 98

Software Cybersecurity 98

Malwarebytes

JULY 1, 2024

This week on the Lock and Code podcast … More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans’ phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after terrorists attacked the United States on September 11, 2001, Congress responded with the passage of The USA Patriot Act.

Surveillance 101

Surveillance Government Big data Cybersecurity 101

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Through Education

JULY 1, 2024

In the digital age, as our reliance on technology deepens, so does the creativity of malicious actors seeking to exploit vulnerabilities. One of the many growing threats to our security is SMiShing , a blend of SMS (Short Message Service) and phishing. SMiShing attacks utilize text messages to deceive individuals into divulging sensitive information or performing actions that compromise their security.

Social Engineering 98

Social Engineering Scams Education Security Awareness 98

Bleeping Computer

JULY 1, 2024

BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [.

Phishing 98

Phishing Manufacturing 98

GlobalSign

JULY 1, 2024

Avoid disruptions to your business by switching to GlobalSign, and ensure that your certificates are publicly trusted by all major browsers.

111

111

The Hacker News

JULY 1, 2024

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA).

Advertising 104

Advertising Media Marketing 104

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government